Posted 18 November 2017 - 01:02 PM
Posted 01 December 2017 - 09:03 AM
Our organization was hit hard recently with the Cry36 Ransomware. I know there is no way to decrypt this at the moment, but I may have some files to help those out there that work on decryption tools. After scouring event logs and files for hours, I came across some of the files they used to hack and left behind. Hopefully these will be useful to someone. Let me know if you need any more information. I was able to recognize where they had logged in from a remote desktop connection, attempted to use this software, but antimalware software shut them down, then they connected to other machines on the network until they got it to work. Here's the link to the .zip file with the files: https://drive.google.com/file/d/18CFi8U5KhY9UxrKMw-GOWPgz3BAVkuuf/view?usp=sharing
Posted 05 December 2017 - 10:03 AM
Has anyone successfully paid the ransom and received a working unlocker/key, etc. for Cry36? If so, would you be willing to share your unlock software and key for reverse engineering purposes?
Posted 05 December 2017 - 12:18 PM
Here's the link to the .zip file with the files: https://drive.google.com/file/d/18CFi8U5KhY9UxrKMw-GOWPgz3BAVkuuf/view?usp=sharing
You should use a service other than Google Drive, as there is an error with Google Drive: "Sorry, this file is infected by a virus, only the owner is allowed to download infected files."
Kind regards, Emmanuel
Posted 10 December 2017 - 06:45 AM
Hi, I got an unlocker that paid. Our files are encrypted as "id_xxx_[firstname.lastname@example.org].nemesis". As friends said, it's showing "error extention file". I want to solve this problem, but I don't know where to start. Can someone help me with a starting point for reverse engineering?